EHR safety guides target the health IT enterprise

By John Moore

Jan 30, 2014

Hospitals and doctors have been focused on digitizing their practices, but less attention is being paid to a lurking threat to provider and patient, according to health IT experts: the safety and security of electronic health record systems.

Now federal health IT officials are taking up the issue. Recently released guides from the White House’s Office of the National Coordinator for Health IT aim to help hospitals pursue health IT safety under the broader umbrella of patient safety programs.

ONC, which operates within the Department of Health and Human Services, earlier this month published the guides, which focus on safe deployment and use of electronic health record (EHR) systems. The Safety Assurance Factor for EHR Resilience (SAFER) Guides are available as downloadable PDF files or as a Web-based tool.

Reports over the past 18 months point to the issue of EHR safety. In a paper published online last June in the Annals of Emergency Medicine, members of the American College of Emergency Physicians cited a lack of emphasis on safety issues. The authors concentrated on emergency department information systems (EDIS), which are EHRs used in such departments.

“The electronic health records that are marketed and sold to hospitals and providers are all certified for use by the Certification Commission for Heath Information Technology, but this certification process is not focused on system safety issues,” the authors stated. “In fact, there is currently no mechanism in place to systematically allow, let alone encourage, users to provide feedback about ongoing safety issues or concerns with electronic health records, such as EDISs.”

The New England Journal of Medicine also raised the EHR safety issue in an article published in November 2012. The article suggested that EHR uptime and availability could become an issue in the event of a disaster.

“The potential consequences of an EHR failure become of increasing concern as large-scale EHR systems are deployed across multiple facilities within a health care system, often across a wide geographic area,” the article noted. “These broadly distributed systems may be tightly coupled and lightning fast, but that also means that a malfunction can rapidly affect not only a single department or institution but possibly an entire community.”

Playing it safer

An ONC spokesman said hospitals recognize the potential for safety issues with EHRs.

“Hospitals are certainly aware of many of the safety problems associated with EHRs, for instance with issues related to correct patient identification or with unplanned downtimes,” the spokesman said. “They know when clinicians report problems with usability. They know that system interfaces must reliably transmit information as intended and that system configuration decisions can lead to ‘alert fatigue.’”

The spokesman noted that hospitals have patient safety programs, which fall under the oversight of the Centers for Medicare & Medicaid Services (CMS) or accrediting bodies such as the Joint Commission. The SAFER Guides, he added, are designed to help healthcare organization leaders incorporate health IT safety into their ongoing patient safety programs.

“We expect it will require hospitals to engage a multi-disciplinary team, with clinician involvement, as well as EHR technology developers and diagnostic services providers,” the spokesman said.

The spokesman said EHR developers support the SAFER Guides, among other patient safety-related activities. In one example, The Electronic Health Record Association last June published an EHR Developer Code of Conduct, which includes a section on patient safety. The document states that EHR Association members will “share best practices with our customers for safe deployment, implementation, maintenance and use of our products.”

EHR Association members represent more than 40 companies that supply what the group describes as “the vast majority” of the EHRs used in physician practices and hospitals in the United States.

Safety background

The SAFER Guides’ release stems from the HHS Health IT Patient Safety Action and Surveillance Plan, which emerged in July 2013. The production of the SAFER Guides is included under the plan’s objective to “support research and development of testing, user tools and best practices related to health IT safety.”

Each SAFER Guide aims to address a critical area in the field of EHR safety. The guides consist of self-assessment checklists, practice worksheets and recommended practices.

“The nine SAFER Guides are designed to address the most pressing areas in which

EHR use can be optimized to improve patient safety,” the ONC spokesman said.

The High Priority Practices guide, for example, highlights measures such backing up data and application configurations and making sure hardware systems are redundant. The guide notes that mission-critical hardware systems such as database servers, network routers and connections to the Internet should be duplicated. The System Configuration guide, meanwhile, outlines the use of authentication mechanisms as a best practice. The practice states that “two-factor authentication is required for remote access to the servers’ ‘administrative’ accounts ... and clinicians’ remote access to patient data.”

“By and large, the evidence we have is that EHRs are safe and that, when designed, implemented and used correctly, they have enormous potential to improve patient safety,” the spokesman said. “The SAFER Guides concentrate on those areas where following certain practices will lead to safer EHRs, based upon the best evidence and expert opinion available on EHR safety.”